This month, thanks in part to the Microsoft Ignite event, significant updates have been announced for Azure Management Services. Through this series of monthly articles, we aim to provide an overview of the most relevant news, keeping you informed about these developments and offering essential information to explore these topics further.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Overview of Management Services in Azure
Govern
Azure Cost Management
Updates for Microsoft Cost Management
Microsoft continually strives to improve Microsoft Cost Management, a solution designed to provide greater visibility into cloud spending, identify and prevent incorrect spending patterns, and optimize costs. This article highlights some of the latest enhancements and updates to this solution, including:
Exports to Microsoft Fabric (preview): With a new connection to Microsoft Fabric, users can export cost and pricing datasets directly into OneLake. This feature simplifies data integration into the Fabric system, eliminating the need for manual transfers from storage accounts.
Azure OpenAI Cost View: Managing Azure OpenAI Service costs is now easier with a new integrated view in Cost Analysis. This feature allows users to:
- View execution costs for OpenAI models over specific periods.
- Include costs of reserved purchases within the selected subscription.
- Access the new view quickly under “Smart Views” in Cost Analysis.
Cost Simulations with Copilot: Azure Copilot now includes cost estimates for OpenAI deployments based on tokens. For example, users can simulate scenarios like a 15% increase to predict cost impacts, helping with better budget management.
Copilot-Cost Analysis Integration: The Copilot experience for Cost Management is enhanced with Cost Analysis integration in generated responses. Using the “View in Cost Analysis” button, users can:
- Access a custom view based on their request.
- Analyze costs with specific parameters.
- Share the view with their team and set up email alerts.
Secure
Microsoft Defender for Cloud
AI Security Posture Management for Multicloud Environments
Microsoft Defender for Cloud expands its capabilities to manage the security of generative AI models. New features include:
- Extended Support for Amazon Bedrock: Enables deep discovery of AWS AI technologies, including new recommendations and attack paths to enhance security.
- AI Grounding Data Insights: Provides detailed analysis of datasets used for AI models, identifying associated risks and offering tools for vulnerability prioritization.
These capabilities ensure robust security for AI models, improving data governance and reducing associated risks.
Enhanced Container Security Features (preview)
In addition to existing container capabilities, significant new features include:
- Detection and Response to Suspicious Activity: Defender for Cloud allows custom queries to detect anomalous behavior, improving runtime vulnerability management.
- Rapid Containment: Enables limiting communication between pods or isolating networks to prevent unauthorized access to sensitive data.
- AI Support for SOC: AI provides guided remediation, assisting security teams with step-by-step instructions to resolve incidents efficiently, even with limited expertise.
These features represent a further step toward comprehensive container protection.
API Security Enhancements with Microsoft Defender for Cloud (preview)
Microsoft Defender for Cloud introduces advanced features to enhance API security, addressing the growing importance of these interfaces in modern application models. New capabilities include:
- Native Integration with CSPM: Provides complete API visibility through Azure API Management, mapping both front-end and back-end elements for holistic risk management.
- API Data Classification: Now includes query strings and URL path parameters, supporting in-depth analysis and triage of data in transit.
- Security Recommendations: Highlights exploitable attack paths, providing specific context for data exposure scenarios.
These features help organizations mitigate API risks and strengthen application security posture.
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, you can refer to this page, which provides information about new features, bug fixes, and deprecated functionalities.
Protect
Azure Backup
Regional Disaster Recovery with Azure Backup for AKS
Azure announces the availability of Vaulted Backup support for Azure Kubernetes Service (AKS), an important innovation that ensures protection, compliance, and resilience for cloud-native applications against regional disasters.
Key benefits for Azure customers:
- Cross-Regional Recovery: The Cross-Region Restore functionality enables critical failover, ensuring business continuity and compliance with disaster recovery regulations.
- Regulatory Compliance: Support for long-term retention (LTR) of data for up to 10 years, adhering to major global compliance frameworks.
- Enhanced Security and Resilience: With immutable vaults and role-based access control, backup data is protected from ransomware and unauthorized access.
With the GA support for AKS Vaulted Backup, Azure Backup simplifies compliance, improves resilience, and strengthens the security of cloud-native environments.
Default Security with Soft Delete in Azure Backup (Preview)
Azure Backup introduces soft delete functionality, a default-enabled security measure that allows deleted backup data to be recovered for a period of 14 days. By enabling soft delete at the vault level, Azure provides default protection for all customers, preventing accidental or intentional data loss.
Immutable WORM Storage for Backups in Recovery Services Vaults (Preview)
Azure Backup introduces immutable WORM (Write Once, Read Many) storage for backups in Recovery Services Vaults. Once immutability is enabled and activated, Recovery Points cannot be deleted or have their retention periods reduced before expiration.
Key features:
- Meets compliance requirements with immutable storage.
- Applicable to both existing and new vaults with locked immutability.
- Currently available in preview in limited regions.
This feature ensures advanced protection for backup data, reducing the risk of tampering and meeting regulatory compliance needs.
Migrate
Azure Migrate
New Capabilities of Azure Migrate for Hybrid Cloud Migration and Management
Azure Migrate introduces advanced tools to support the planning and management of migrations to Azure and hybrid environments. Customers can now create a detailed business case to compare the Total Cost of Ownership (TCO) of on-premises workloads versus Azure, as well as view annual financial analyses during the transition process.
Key updates:
- Azure Arc Value Assessment: Customers can compare the current TCO of on-premises environments with the estimated TCO using Azure Arc, evaluating savings and benefits such as Extended Security Updates (ESUs) and SQL Pay-As-You-Go on Azure Arc-enabled SQL Server.
- Hybrid Cloud Management: Visualize the benefits of security and management tools like Microsoft Defender for Cloud, Azure Monitor, and Azure Update Manager applied to on-premises environments via Azure Arc.
- Customized Planning: For those not migrating everything or planning a phased migration, it’s possible to compare combined on-premises and Azure costs to optimize strategy.
These tools offer greater flexibility and transparency, enabling customers to download reports and involve stakeholders in the decision-making process.
New Releases and Features of Azure Migrate
To stay updated on the latest developments, visit this page, which provides information on new releases and features. This month, notable highlights include:
- Cost Assessments for AVS: Support for the AV64 SKU and the external storage option with Azure NetApp Files.
- Enterprise Linux Machine Migration: Capability to transfer RHEL and SLES machines from VMware and Hyper-V environments to Azure, leveraging the Azure Hybrid Benefit.
Azure Evaluation
For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
